From owner-freebsd-security  Mon Mar 20 17:10:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.targetnet.com (mail.targetnet.com [207.245.246.3])
	by hub.freebsd.org (Postfix) with ESMTP id 7759F37BDEC
	for <freebsd-security@freebsd.org>; Mon, 20 Mar 2000 17:10:10 -0800 (PST)
	(envelope-from james@targetnet.com)
Received: from james by mail.targetnet.com with local (Exim 3.02 #1)
	id 12Vy6s-000DOz-00; Fri, 17 Mar 2000 09:52:18 -0500
Date: Fri, 17 Mar 2000 09:52:18 -0500
From: James FitzGibbon <james@targetnet.com>
To: Rodrigo Campos <camposr@MATRIX.COM.BR>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>,
	freebsd-security@freebsd.org
Subject: Re: wrapping sshd
Message-ID: <20000317095218.D41950@targetnet.com>
References: <59327.953151264@axl.ops.uunet.co.za> <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre1i
In-Reply-To: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br>
Organization: Targetnet.com Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Rodrigo Campos (camposr@MATRIX.COM.BR) [000315 16:58]:

> > The answer has nothing to do with secrurity, although you couldn't have
> > known that without reading the sshd(8) manual page. :-)
> > 
> > Look for the first occurance of the word inetd in the sshd(8) manual
> > page.
> 
> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support to libwrap, wich would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or ip address, even when it's running as a daemon.

I agree with you on this one; the comment should be in /etc/inetd.conf and
changed to reference the downside of having sshd running from inetd.  The
ports Makefile for the original datafellows sshd has the commment:

#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#

and I have always compiled my copy of sshd linked with libwrap for this
reason.

-- 
j.

James FitzGibbon                                           james@targetnet.com
Targetnet.com Inc.                              Voice/Fax +1 416 306-0466/0452


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message